On Wed, Jul 6, 2011 at 9:33 AM, Randal Rust <randalr...@gmail.com> wrote: > We have a site where if we create a folder or file on the server the > Owner/Group is one name (foo/foo) and if we use the CMS the > Owner/Group is another (bar/bar). > > Typically, we set folder permissions to 0777 so that we don't have to > open and close directories for uploading files. However, a hacker > uploaded a couple of files to one of these directories last week, so I > am trying to add code that uses chmod() to properly open and close > directories. > > The issue I'm running into is that this only works through the CMS if > the Owner/Group of the directory or file is bar/bar. > > I'm trying to figure out what my options are here.
The rules are that only root can change ownership of a file. So group id is the only one you have to play with here. A user can change the group id of a file to any group they are a member of. In this case, I'd set folder ownership to foo:bar and folder permissions to 770. Your host will need to do that for you if foo is not a member of the bar group. Also, you won't be able to manually manage the files if you aren't a member of bar. _______________________________________________ New York PHP Users Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/Show-Participation
